H04L67/28—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network

H04L67/2814—Network-specific arrangements or communication protocols supporting networked applications for the provision of proxy services, e.g. intermediate processing or storage in the network for data redirection

Abstract

Embodiments of the present invention provide an access control method, an access control system, and an access terminal. The method includes: receiving, by an access terminal, an HTTP request message transmitted by a UE where a destination IP address is an IP address of the access terminal; obtaining an actual IP address corresponding to a website domain name according to DNS resolution when the website domain name is not the IP address of the access terminal, and controlling, according to the actual IP address, the UE to access a target site corresponding to the website domain name. The technical solutions of the present invention solve the problem that a user cannot access the target site because of the cache characteristic of the user equipment.

Description

The present invention relates to a network communication technique, and more particularly to an access control method, an access control system, and an access terminal.

Usually, user equipment (UE: User Equipment) accesses a network through an access terminal such as a router, a wireless router, or a wireless network card. After the user enters the website domain name into the browser of the user device, the browser queries a local cache. If the destination site's Internet Protocol (IP) address corresponding to the website's domain name exists in the local cache, the Hypertext Transport Protocol (HTTP) request is sent to the destination site through the access terminal. Started directly. If the IP address of the site corresponding to the website domain name does not exist in the local cache, a domain name system (DNS) query request is generated and sent to the access terminal. The access terminal performs DNS resolution, acquires the IP address of the target site corresponding to the domain name of the website from the external DNS server, and returns the IP address to the browser. The browser caches the correspondence between the domain name of the website and the IP address of the target site, and an HTTP request is initiated to the target site through the access terminal, and finally the web page content of the target site Is displayed to the user.

In the above process, when the user device is not connected to the network, the access terminal does not obtain the IP address of the target site from the DNS server, and the access terminal provides the dial-up access function of the user device. The IP address of the access terminal is used as the DNS resolution result, the DNS resolution result is returned to the browser, and the user is redirected to the web management page of the access terminal through the browser. In this process, the browser caches the correspondence between the website domain name and the IP address of the access terminal. After the user device can access the Internet, when the user enters the domain name of the original website into the browser of the user device, the browser does not start DNS resolution again, but to start an HTTP request Use the IP address of the corresponding access terminal in the cache. As a result, the user sees the web management page of the access terminal again, and the user cannot access the target site.

Embodiments of the present invention provide an access control method, an access control system, and an access terminal in order to solve the problem that a user cannot access a target site.

In one aspect, an embodiment of the present invention provides an access control method, the access control method comprising: A step of receiving a hypertext transfer protocol (HTTP) request message sent by a user device by an access terminal, wherein the destination internet protocol (IP) address is the IP address of the access terminal and the HTTP request message is a website Including a domain name of If the website domain name is not the first domain name, the access terminal obtains an actual IP address corresponding to the website domain name according to a domain name system (DNS) resolution, and the first domain name Is a domain name corresponding to the IP address of the access terminal, and Controlling the user device to access a target site corresponding to the domain name of the website according to the actual IP address by the access terminal.

In another aspect, embodiments of the present invention provide an access terminal, the access terminal comprising: A receiver configured to receive a hypertext transfer protocol (HTTP) request message sent by a user device, the destination Internet Protocol (IP) address is the IP address of the access terminal, and the HTTP request message is A receiver containing the domain name of the website; If the website domain name is not the first domain name, it obtains the actual IP address corresponding to the website domain name according to the Domain Name System (DNS) resolution, and the user device will follow the actual IP address according to the actual IP address A processor configured to control access to a target site corresponding to the name, the first domain name including a processor that is a domain name corresponding to the IP address of the access terminal.

In another aspect, an embodiment of the present invention provides an access control system, the access control system includes a user equipment, an access terminal, and a domain name system DNS server, The user equipment is configured to send a hypertext transfer protocol (HTTP) request message to the access terminal, the destination internet protocol (IP) address is the IP address of the access terminal, and the HTTP request message is a website domain Name, Access terminal A receiver configured to receive an HTTP request message sent by a user device; If the website domain name is not the first domain name, it obtains the actual IP address corresponding to the website domain name according to the Domain Name System (DNS) resolution, and the user device will follow the actual IP address according to the actual IP address A processor configured to control access to a target site corresponding to a name, wherein the first domain name includes a processor that is a domain name corresponding to the IP address of the access terminal; The DNS server is configured to perform DNS resolution.

In the access control method, the access control system, and the access terminal provided by the embodiment of the present invention, after the access terminal receives the HTTP request message whose destination IP address is the access terminal, the domain name of the website of the HTTP request message And the domain name corresponding to the IP address of the access terminal are compared to determine the validity of the HTTP request message. If it is determined that the HTTP request message is invalid, the actual IP address corresponding to the website domain name is obtained according to the DNS resolution, and the user device is changed to the website domain name according to the obtained actual IP address. Control access to the corresponding destination site. This allows the user device to successfully access the target site corresponding to the website domain name. In this way, after the domain name of the website is entered into the browser of the user device, the problem is that the user cannot access the target site due to the characteristic that the browser caches the IP address returned by the access terminal. Solved.

The flowchart of the access control method by the Example of this inventionFlowchart of an access control method according to another embodiment of the present invention.Flowchart of an access control method according to another embodiment of the present invention.Flowchart of an access control method according to another embodiment of the present invention.1 is a schematic configuration diagram of an access terminal according to an embodiment of the present invention.Schematic configuration diagram of an access terminal according to another embodiment of the present invention1 is a schematic configuration diagram of an access control system according to an embodiment of the present invention.

In order to clearly describe the technical countermeasures of the embodiments of the present invention or the technical countermeasures of the prior art, the following briefly describes the accompanying drawings required for describing the embodiments or the prior art. Apparently, the accompanying drawings in the following description show some embodiments of the present invention, and those skilled in the art can derive other drawings from these accompanying drawings without creative efforts.

BRIEF DESCRIPTION OF THE DRAWINGS In order to make the objects, technical measures and advantages of the present invention easier to understand, the technical measures according to the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Apparently, the embodiments in the following description are merely a part rather than all of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without creative efforts shall fall within the protection scope of the present invention.

First, it should be noted that in the following embodiments of the present invention, the user equipment includes, but is not limited to, a personal computer (PC), a laptop computer, an iPad, or a smartphone.

In the following embodiments of the present invention, the access terminal may be, but is not limited to, a router, a wireless router, or a wireless network card (eg, a USB modem).

It should be noted that in the following embodiments of the present invention, the operations performed by the user device may be specifically performed by the browser of the user device, but are not limited here.

An embodiment of the present invention provides an access control method. In this embodiment of the present invention, the access control method mainly includes the following.

The access terminal receives the HTTP request message transmitted by the user device. However, the destination IP address is the IP address of the access terminal, and the HTTP request message includes the domain name of the website. The domain name of the website may be a domain name entered by the user in the browser of the user device, and is used to access a target site corresponding to the domain name of the website.

If the domain name of the website of the HTTP request message is not the first domain name, the access terminal obtains the actual IP address corresponding to the domain name of the website of the HTTP request message according to DNS resolution, and the access terminal obtains The user apparatus is controlled to access the target site corresponding to the domain name of the website according to the actual IP address. The first domain name is a domain name corresponding to the IP address of the access terminal. The actual IP address indicates the IP address of the target site corresponding to the domain name of the website. The domain name of the website of the HTTP request message is not the first domain name. In particular, after receiving the HTTP request message, the access terminal determines whether the domain name of the website of the HTTP request message is the first domain name. That is, the access terminal determines whether the domain name of the website of the HTTP request message is a domain name corresponding to the IP address of the access terminal. In particular, the access terminal analyzes the HTTP request message, acquires the domain name of the website from the HTTP request message, compares the acquired domain name of the website with the domain name corresponding to the IP address of the access terminal, It is determined whether or not the acquired domain name of the website is a domain name corresponding to the IP address of the access terminal. The access terminal stores a domain name corresponding to the IP address of the access terminal locally.

Optionally, the process by which the access terminal obtains the actual IP address corresponding to the website domain name according to DNS resolution may be as follows. The access terminal transmits a DNS resolution request to the DNS server of the external network. As a result, the DNS server performs DNS resolution with the domain name of the website and returns the DNS resolution result. The DNS resolution request includes the website domain name. That is, the DNS resolution request is used to query the actual IP address corresponding to the website domain name. The access terminal receives an actual IP address corresponding to the domain name of the website returned by the DNS server after the DNS server performs DNS resolution with the domain name of the website. The DNS server indicates a server having a function of storing a correspondence relationship between domain names of websites corresponding to all sites and network IP addresses and converting the domain names of websites to corresponding IP addresses.

Based on the foregoing, an optional step may further be included before the access terminal sends a DNS resolution request to the DNS server. The access terminal determines whether the access terminal is accessing an external network. In particular, the access terminal records a state indicating whether the access terminal is accessing the external network, and the access terminal determines whether the access terminal is accessing the external network according to the recorded state. . For example, an access mark is set at the access terminal, and the access mark is used to identify whether the access terminal is accessing an external network. After the access terminal accesses the external network, the access mark is set to 1, and when the access terminal is not accessing the external network, the access mark is set to 0. Based on this, the access terminal determines whether or not the access terminal is accessing the external network according to the value of the access mark. The value of the access mark is not limited to 0 and 1.

When the determination result indicates that the access terminal is accessing the external network, the access terminal transmits a DNS resolution request to the DNS server of the external network.

The external network may be a network that allows access terminals to connect to the network. For example, the external network may be a fixed network, a wireless mobile network (eg, 3G network and LTE network), a WiFi network or a Zigbee network, and is accessed through a fixed network, a mobile network, a WiFi network or a ZigBee network. Internet is also acceptable.

In this embodiment of the present invention, an access terminal normally has an IP address of a local area network (LAN) (may be referred to as an intra-network IP address) and a wide area network (WAN: Wide Area Network). Note that it has an IP address (which may be referred to as an off-network IP address). The WAN IP address may be obtained by converting the LAN IP address. In this embodiment of the invention, the IP address of the access terminal may be the LAN IP address of the access terminal.

In this embodiment, the access terminal compares the domain name of the website of the HTTP request message with the domain name corresponding to the IP address of the access terminal after receiving the HTTP request message whose destination IP address is the access terminal. Thus, the validity of the HTTP request message is determined. If the access terminal determines that the website domain name in the HTTP request message is not the domain name corresponding to the IP address of the access terminal, this is the HTTP request message as the actual IP address corresponding to the website domain name. It means that it was sent by the user equipment using the cached IP address of the access terminal. Therefore, it is an invalid request. In this embodiment, based on the determination result, the access terminal acquires an actual IP address corresponding to the domain name of the website of the HTTP request message according to the DNS resolution, and based on the acquired actual IP address, the user The device is controlled to access the target site corresponding to the domain name of the website of the HTTP request message. In this way, the problem that the user cannot access the target site is solved because the browser caches the IP address of the access terminal after the domain name of the website is entered into the browser of the user device. .

Further, if the user device has a cache expiration time set, the user device caches between the IP address of the access terminal and the domain name of the website by using the access control method provided by this embodiment. Without waiting for the expired correspondence to expire, the user can successfully access the target site corresponding to the domain name of the website. This improves the efficiency of accessing the target site. For a user device, if the cached correspondence between the IP address of the access terminal and the domain name of the website can be cleared by closing and restarting the browser of the user device, this embodiment By using the access control method provided by the user, the user can successfully access the target site corresponding to the domain name of the website without closing the browser of the user device. This improves the efficiency of accessing the target site. It should be noted that if the user device is configured with a cache expiration time, if the cache expiration time is not reached, the user cannot successfully access the target site through closing the browser on the user device. However, by using the access control method provided in this embodiment, the user does not need to close and restart the browser on the user device and wait for the cache time to expire without the user having to You can successfully access the target site corresponding to your domain name. This improves the efficiency of accessing the target site.

Furthermore, if the domain name of the website of the HTTP request message is the first domain name, that is, if the domain name of the website of the HTTP request message is the domain name corresponding to the IP address of the access terminal, The HTTP request message means that the user device is a request used to access the web management page of the access terminal. Accordingly, the access terminal transmits a DNS response packet to the user device in order to redirect the user device to the web management page of the access terminal. However, the DNS response packet includes the IP address of the access terminal. In this case, after the user device is redirected to the web management page of the access terminal, the user can perform operations such as dialing, device management and / or parameter configuration in the user device through the web management page of the access terminal according to actual application requirements. May be executed.

Furthermore, if the domain name of the website of the HTTP request message is not the first domain name, and the access terminal determines that the access terminal is not accessing the external network, the DNS resolution sent by the access terminal at this point The request cannot reach the DNS server of the external network, and the actual IP address corresponding to the website domain name cannot be obtained. Therefore, the access terminal uses the IP address of the access terminal as a DNS resolution result to redirect the user device to the web management page of the access terminal, encapsulates it in a DNS response packet, and sends the DNS response packet to the user device. You may send it. In this case, after the user device is directed to the web management page of the access terminal, the user device performs a dialing operation by accessing the web management page of the access terminal so that the access terminal can access the external network. May be. It should be noted that the dialing operations described here represent operations that perform access to the external network, and the results may include successful access to the external network and unsuccessful access to the external network. is there.

Optionally, the implementation method for controlling the user equipment to access the target site corresponding to the domain name of the website according to the actual IP address obtained by the access terminal may be as follows. The access terminal initiates an HTTP redirect request to the user device so that the user device can resume the HTTP request to access the target site according to the actual IP address corresponding to the domain name of the website. However, the HTTP redirect request includes the actual IP address.

Optionally, the implementation method for the access terminal to initiate an HTTP redirect request to the user device may be as follows. The access terminal transmits an HTTP redirect request packet to the user device.

Preferably, the access terminal may set an actual IP address in a header field (for example, a location field) of the HTTP redirect packet, but is not limited here.

The HTTP redirect packet may be an HTTP 30x series response code. According to the different operation system or browser type of the user device, the HTTP redirect packet includes an HTTP response code 300 (multiple choices), an HTTP response code 301 (moved permanently), an HTTP response code 302 (detection (found) )), HTTP response code 303 (see other) or HTTP response code 307 (temporary redirect), but is not limited thereto.

Optionally, the implementation method for the access terminal to send an HTTP redirect request to the user device may be as follows. The access terminal transmits an HTTP redirect page to the user device, and the redirect page includes the actual IP address.

Generally, the redirect page is a prompt page, and the prompt page generally further includes link information indicating the actual IP address in addition to the actual IP address. The link information indicating the actual IP address may be a browser client script or plug-in on the redirect page. The script or plug-in may include, but is not limited to Javascript, VBScript or Flash. The redirect page script or plug-in may prompt the user to click, or may directly control the user device to initiate an HTTP request to the actual IP address. For example, in Javascript, the link information indicating the actual IP address may be implemented by window.location.href = “http: // [actual IP address]”.

Normally, different user devices have different cache expiry times, typically 1-3 minutes, some 10 minutes, and the like. It takes a long time for the user to access the target site by waiting for this length of time. The operation of closing and restarting the browser of the user device is cumbersome, and the manual operation generally has low efficiency. This also affects the efficiency with which the user can access the target site. In this embodiment of the invention, after the user equipment receives the HTTP redirect request packet or page returned by the access terminal, the HTTP request to access the target site is in accordance with the HTTP redirect request packet or the actual IP address of the page. Started directly. Thus, there is no need to wait for the cached correspondence between the website domain name and the IP address of the access terminal to expire and the user device browser need not be closed. This improves the efficiency of successfully accessing the target site.

Optionally, another implementation method for controlling the user equipment to access a target site corresponding to the domain name of the website according to the actual IP address obtained by the access terminal may be as follows. The access terminal replaces the destination IP address of the received HTTP request message with the actual IP address and transmits the actual IP address so that the user device can access the target site corresponding to the domain name of the website. The process of replacing the destination IP address of the HTTP request message received by the access terminal with the actual IP address and transmitting the actual IP address so that the user device can access the target site corresponding to the domain name of the website The following may be used. The access terminal replaces the destination IP address of the received HTTP request message with the actual IP address so that the user device can access the target site corresponding to the domain name of the website, and replaces the actual IP address with that of the website. Send to the destination site corresponding to the domain name.

In this implementation method, after the access terminal obtains the actual IP address corresponding to the website domain name, the HTTP request message is transmitted so that the user device can successfully access the target site corresponding to the website domain name. The access terminal's IP address is replaced with the actual IP address, and the actual IP address is transmitted. The user device does not need to wait for the cached correspondence between the website domain name and the IP address of the access terminal to expire and does not need to close and restart the browser on the user device. This improves access efficiency to the target site.

FIG. 1A is a flowchart of an access control method according to an embodiment of the present invention. As shown in FIG. 1A, the method of this embodiment includes the following steps.

Step 101: The access terminal receives an HTTP request message sent by a user device. However, the destination IP address is the IP address of the access terminal, and the HTTP request message includes the domain name of the website.

The domain name of the website is the domain name of the target site that the user needs to access. This may be entered by the user into the browser of the user device. The destination IP address is the IP address of the access terminal.

In particular, if the user needs to access a site (recorded as the target site), the user enters the domain name of the target site's website in the browser of the user device. The user device queries the cached correspondence between the local website domain name and the IP address according to the website domain name entered by the user, and obtains the IP address corresponding to the website domain name. Get and generate HTTP request message.

The destination IP address of the HTTP request message is a corresponding IP address cached by the user device between the domain name of the website and the IP address of the access terminal. The HTTP request message further includes the domain name of the website. Preferably, the user apparatus may set the domain name of the website in the Host field or Referrer field of the header of the HTTP request message, but is not limited here. For example, the website domain name may be communicated through fields other than the host field or referrer field.

In this embodiment, the IP address in the correspondence cached by the user device between the website domain name and the IP address is the IP address of the access terminal. Optionally, if the access terminal receives a DNS resolution request sent by the user equipment before receiving the HTTP request message sent by the user equipment, the access terminal has not accessed the external network and accessed The terminal uses the IP address of the access terminal as the DNS resolution result and returns the DNS resolution result to the user device.

One skilled in the art understands that an HTTP request message sent by a user device conveys an identifier of the user device so that the access terminal can distinguish between different user devices.

Step 102: The access terminal determines whether the domain name of the website is the first domain name. If the determination result is NO, step 103 is executed, and if the determination result is YES, step 106 is executed.

The first domain name is a domain name corresponding to the IP address of the access terminal. The access terminal stores a domain name corresponding to the IP address of the access terminal locally. That is, the access terminal stores the first domain name locally.

After receiving the HTTP request message whose destination IP address is the IP address of the access terminal, the access terminal analyzes the HTTP request message and determines whether the HTTP request message is a valid request Obtain the domain name of the website from the message (that is, the domain name of the site for which the user requests access), and the domain name corresponding to the IP address of the access terminal and the website domain name obtained from the HTTP request message And compare.

If the determination result is YES, that is, if the access terminal determines that the domain name of the website acquired from the HTTP request message is a domain name corresponding to the IP address of the access terminal, this means that the HTTP request message Means that the HTTP request message is a request used by the user device to access the web management page of the access terminal. Thereby, the access terminal executes step 106. That is, in order to redirect the user device to the web management page of the access terminal, the IP address of the access terminal is transmitted to the user device as an HTTP request result.

If the determination result is NO, that is, if the access terminal determines that the domain name obtained from the HTTP request message is not a domain name corresponding to the IP address of the access terminal, this means that the HTTP request message is Sent using the access terminal's IP address as the actual IP address of the website domain name, meaning an invalid request. As a result, the access terminal executes step 103. That is, it is further determined whether the access terminal is accessing an external network to determine whether DNS resolution can be performed to obtain the actual IP address of the website domain name.

Step 103: The access terminal determines whether the access terminal is accessing an external network. If the determination result is YES, step 104 is executed, and if the determination result is NO, step 107 is executed.

In this embodiment, the access terminal records a state indicating whether the access terminal is accessing an external network. The access terminal may determine whether the access terminal is accessing an external network according to the recorded state. For example, an access mark is set at the access terminal, and the access mark is used to identify whether the access terminal is accessing an external network. After the access terminal accesses the external network, the access mark is set to 1, and when the access terminal is not accessing the external network, the access mark is set to 0. Based on this, the access terminal determines whether or not the access terminal is accessing the external network according to the value of the access mark. The value of the access mark is not limited to 0 and 1.

If the domain name of the website is not the domain name corresponding to the IP address of the access terminal, the access terminal executes step 104 if the access terminal determines that the access terminal is accessing an external network. That is, DNS resolution is performed to obtain the actual IP address of the website domain name. If the access terminal determines that the access terminal is not accessing the external network, the access terminal executes step 107. That is, in order to redirect the user device to the web management page of the access terminal, the IP address of the access terminal is transmitted to the user device as a DNS resolution result. As a result, the user apparatus executes an operation such as dial-up access.

Step 104: The access terminal obtains an actual IP address corresponding to the website domain name according to DNS resolution.

In particular, the access terminal transmits a DNS resolution request to the DNS server of the external network. However, the DNS resolution request includes the domain name of the website. The DNS server receives the DNS resolution request sent by the access terminal, parses the DNS resolution request, obtains the domain name of the website, performs DNS resolution with the domain name of the website, and The actual IP address corresponding to is acquired, and a DNS response packet is transmitted to the access terminal. However, the DNS response packet includes the acquired actual IP address. The access terminal receives the DNS response packet returned by the DNS server, and acquires the actual IP address corresponding to the domain name of the website from the DNS response packet.

Step 105: The access terminal initiates an HTTP redirect request to the user device so that the user device can resume the HTTP request to access the target site according to the actual IP address. However, the HTTP redirect request includes the actual IP address.

In the optional implementation method of this embodiment, the access terminal may send an HTTP redirect packet to the user equipment and communicate the actual IP address through the header field of the HTTP redirect packet. This is not limited in this embodiment.

In the optional implementation method of this embodiment, the access terminal may send an HTTP redirect page to the user device and communicate the actual IP address through the HTTP redirect page.

Further, the access terminal may further transmit link information indicating the actual IP address in the redirect page. This is used to automatically control the user device to resume the HTTP request to access the target site according to the actual IP address. The link information indicating the actual IP address may be a browser client script or plug-in on the redirect page, but is not limited thereto.

The script or plug-in may include, but is not limited to Javascript, VBScript or Flash.

After the user equipment receives the actual IP address of the website domain name, the user does not have to wait to close the browser of the user equipment, and between the access terminal IP address and the website domain name. The HTTP request may be resumed by directly inputting the domain name of the website into the browser of the user device without having to wait for the correspondence cached by the user device to expire.

Step 106: The access terminal transmits the IP address of the access terminal to the user apparatus as an HTTP request result to redirect the user apparatus to the web management page of the access terminal, and ends the operation.

Step 107: The access terminal transmits the IP address of the access terminal to the user apparatus as a DNS resolution result in order to redirect the user apparatus to the web management page of the access terminal, and ends the operation.

In this embodiment, when the access terminal determines that the HTTP request message whose destination IP address is the IP address of the access terminal is an invalid request, it is further determined whether or not the access terminal is accessing an external network. . If the access terminal is accessing an external network, the actual IP address corresponding to the website domain name is obtained according to DNS resolution, and the user is between the access terminal IP address and the website domain name. Allows users to resume HTTP requests to access the target site without having to wait for the correspondence cached by the device to expire and without having to close and restart the browser on the user device To. This improves the efficiency of accessing the target site. If the access terminal is not accessing the external network, the user equipment is redirected to the web management page of the access terminal so that the user can perform an operation to access the external network at an appropriate time through the web management page. This facilitates improving the efficiency of accessing the target site to some extent.

FIG. 1B is a flowchart of an access control method according to another embodiment of the present invention. This embodiment may be implemented based on the embodiment shown in FIG. 1A. As shown in FIG. 1B, the method of this embodiment includes the following steps before step 101.

Step 100a: The access terminal receives the DNS resolution request sent by the user equipment. However, the DNS resolution request includes the domain name of the website.

Step 100b: If the access terminal determines that the access terminal is not accessing the external network, the IP address of the access terminal is returned to the user apparatus as a DNS resolution result to redirect the user apparatus to the web management page of the access terminal. Send.

In this embodiment, the user device is accessing an external network through an access terminal. The access terminal may provide a web management page to the user. For example, in order to access the web management page of the access terminal, the user can specify the IP address (for example, 192.168.1.1) of the access terminal or the domain name (for example, mobilewifi.home) corresponding to the IP address of the access terminal. You may enter it in your browser. In the web management page of the access terminal, the user is provided with functions such as a dial function for accessing an external network, device management and parameter configuration. Thereby, the user may perform operations such as dialing, device management and parameter configuration through the web management page of the access terminal.

When a user needs to access a site (recorded as the target site), the user enters the website domain name into the browser of the user device. The user device generates a DNS resolution request according to the domain name of the website input by the user, and transmits the DNS resolution request to the access terminal. The access terminal determines whether the access terminal is accessing the external network, and if the access terminal is not currently accessing the external network, the access terminal redirects the user equipment to the web management page of the access terminal Then, the IP address of the access terminal or the domain name corresponding to the IP address of the access terminal is returned to the user device as the DNS resolution result. The reason why the network cannot be accessed is displayed on the web management page of the access terminal, and a function for accessing the external network is provided. The user dials through the web management page of the access terminal so that the access terminal can access the external network.

In the above process, the user device caches the correspondence between the IP address of the access terminal and the domain name of the website.

In this embodiment, after the access terminal accesses the external network, the user inputs the domain name directly into the browser that presents the web management page to the user device. At this point, the user device queries the local cache, uses the IP address of the access terminal as the actual IP address of the website domain name, does not start DNS resolution again, and executes step 101. That is, an HTTP request message is generated, and the HTTP request message is transmitted to the access terminal. The destination IP address of the HTTP request message is not the actual IP address corresponding to the domain name of the website, but the IP address of the access terminal.

It can be seen that this embodiment solves the following problems. After the user accesses (eg, dials) the external network through the web management page of the access terminal, the user inputs the domain name of the original website directly into a browser that presents the web management page to the user device. However, the target site cannot be accessed. In this embodiment, the user does not wait for the cached correspondence between the website domain name and the IP address of the access terminal to expire, and closes and restarts the browser on the user device. You can access the target site successfully without need. This improves the efficiency of accessing the target site.

This embodiment is further described below along with actual application scenarios. In this usage scenario, the user needs to access the target site whose website domain name is www.xxxx.com, the access terminal is not currently accessing the external network, and the state of the access terminal is redirected Assume that the condition is met. The specific procedure for a user to access a target site whose website domain name is www.xxxx.com is as follows.

Step a: The user enters the website domain name www.xxxx.com in the browser of the user device. However, the website domain name www.xxxx.com corresponds to the intended site that the user wants to access.

Step b: The user apparatus transmits a DNS resolution request to the access terminal, and the access terminal returns the IP address (for example, 192.168.1.1) of the access terminal to the user apparatus as a DNS inquiry result.

Step c: The user device caches the DNS resolution result. That is, the user apparatus considers that the actual IP address corresponding to the website domain name www.xxxx.com is 192.168.1.1.

Step d: The user device initiates an HTTP request to the access terminal, and a web management page of the access terminal is presented to the user device browser. The user performs dial-up access by operating on the web management page.

Step e: The user again enters the website domain name www.xxxx.com into the browser that presents the web management page to the user device without closing the browser on the user device.

Step f: The user equipment queries the local cache and generates an HTTP request message using the IP address 192.168.1.1 of the access terminal directly as the actual IP corresponding to the website domain name www.xxxx.com Then send. Do not start DNS resolution again.

Step g: After receiving the HTTP request message, the access terminal determines whether the domain name of the website in the header of the HTTP request message is a domain name corresponding to the IP address of the access terminal. Assuming that the domain name corresponding to the IP address 192.168.1.1 of the access terminal is www.aaaa.com, the access terminal determines that the current HTTP request is incorrect.

Step h: After determining that the current HTTP request is incorrect, the access terminal continues to determine whether the access terminal is currently accessing the external network. If the access terminal is not accessing the external network, the access terminal returns the IP address 192.168.1.1 of the access terminal to the user device to redirect the user device to the web management page of the access terminal. When the access terminal is accessing an external network, the DNS server performs DNS resolution and obtains the actual IP address of the website domain name www.xxxx.com.

Step i: After the access terminal obtains the actual IP address of the website domain name www.xxxx.com, it configures the HTTP redirect request and the website domain name www.xxxx.com actual through the HTTP redirect request The IP address is sent to the user device.

A specific implementation method of the HTTP redirect request may be an HTTP redirect packet or a redirect page.

Step j: The user equipment resends the HTTP request message to the access terminal according to the actual IP address of the website domain name www.xxxx.com.

Step k: After receiving the HTTP request message, the access terminal transfers the HTTP request message, and the user device finally accesses the target site corresponding to the website domain name www.xxxx.com.

Furthermore, the method of this embodiment of the present invention is not only applicable to redirect usage scenarios in processes where the target site is accessed by using the domain name of the website, but also to other redirect usage scenarios. It should be noted that it is applicable. For example, it can also be applied to usage scenarios where DNS redirection is used to implement load balancing on a fixed network.

The principle of DNS redirection for implementing load distribution is to configure the same name for a plurality of IP addresses in a DNS server so that a client inquiring for a name can obtain one address. This achieves the purpose of load balancing by different clients accessing different servers. However, if the server is out of order, even if the DNS settings are changed at an appropriate time, it is still necessary to wait for a sufficient amount of time (eg, a specific recovery time) to take effect. During this period, the client that has cached the IP address of the failed server cannot access the server as usual, and therefore cannot obtain the necessary service. Alternatively, if the server IP address changes, if the server's original IP address is cached in the client, the client cannot access the server before the server IP address is updated. Regarding the above problem, the DNS server may employ the access control method provided by the embodiment of the present invention. If a DNS resolution request sent by the client is received, it is determined whether the server IP address of the DNS resolution request is consistent with the cached IP address of the server. Alternatively, it is determined whether or not the corresponding server has failed according to the IP address of the server in the DNS resolution request. If the result of the determination is that the IP addresses do not match or the server is out of order, the client is redirected to the normal server, allowing the client to obtain the necessary information at the appropriate time.

FIG. 2A is a flowchart of an access control method according to an embodiment of the present invention. As shown in FIG. 2A, the method of this example includes the following steps.

Step 201: The access terminal receives an HTTP request message sent by a user device. However, the destination IP address is the IP address of the access terminal, and the HTTP request message includes the domain name of the website.

Step 202: The access terminal determines whether the domain name of the website is the first domain name. If the determination result is NO, step 203 is executed, and if the determination result is YES, step 205 is executed.

Step 203: The access terminal determines whether or not the access terminal is accessing an external network. If the determination result is YES, step 204 is executed, and if the determination result is NO, step 206 is executed.

For steps 201-203, reference may be made to the description of steps 101-103 and will not be described again here.

Step 204: The access terminal replaces the destination IP address of the HTTP request message, which is the IP address of the access terminal, with the actual IP address so that the user device can access the target site corresponding to the domain name of the website. Send the actual IP address.

In this embodiment, when the access terminal determines that the domain name of the website of the HTTP request message is not a domain name corresponding to the IP address of the access terminal, and the access terminal is accessing an external network, the access terminal Directly replace the destination IP address of the HTTP request message, which is the IP address of the access terminal, with the actual IP address corresponding to the domain name of the website of the HTTP request message so that the device can successfully access the target site. The HTTP request message with the destination IP address replaced is transmitted. Thus, after inputting the domain name of the website into the browser of the user device, the browser caches the IP address of the access terminal, so that the user cannot access the target site corresponding to the domain name of the website Solve technical problems.

In addition, if the user device has a cache expiration time, it is cached by the user device between the IP address of the terminal and the domain name of the website by using the access control method provided by this embodiment. Without waiting for the correspondence relationship to expire, the user can successfully access the target site corresponding to the domain name of the website. This improves the efficiency of accessing the target site. For a user device, if the cached correspondence between the IP address of the access terminal and the domain name of the website can be cleared by closing and restarting the browser of the user device, this embodiment By using the access control method provided by the user, the user can successfully access the target site corresponding to the domain name of the website without closing the browser of the user device. This improves the efficiency of accessing the target site. It should be noted that if the cache expiration time is set for the user device, the user cannot successfully access the target site through closing the browser on the user device if the cache expiration time is not reached. However, by using the access control method provided in this embodiment, the user does not need to close and restart the browser on the user device and wait for the cache time to expire without the user having to You can successfully access the target site corresponding to your domain name. This improves the efficiency of accessing the target site.

Step 205: The access terminal transmits the IP address of the access terminal to the user apparatus as an HTTP request result to redirect the user apparatus to the web management page of the access terminal, and ends the operation.

Step 206: The access terminal transmits the IP address of the access terminal as a DNS resolution result to the user apparatus to redirect the user apparatus to the web management page of the access terminal. Description of Steps 106 to 107 for Steps 205 to 206 References may be made to and will not be described again here.

FIG. 2B is a flowchart of an access control method according to another embodiment of the present invention. This embodiment may be implemented based on the embodiment shown in FIG. 2A. As shown in FIG. 2B, the method of this embodiment includes the following steps before step 201:

Step 200a: The access terminal receives the DNS resolution request sent by the user equipment. However, the DNS resolution request includes the domain name of the website.

Step 200b: If the access terminal determines that the access terminal is not accessing the external network, the IP address of the access terminal is returned to the user apparatus as a DNS resolution result to redirect the user apparatus to the web management page of the access terminal. Send.

For steps 200a-200b, reference may be made to the description of steps 100a-100b and will not be described again here.

It can be seen that this embodiment solves the following problems. After the user accesses the external network through the web management page of the access terminal, the user directly inputs the domain name of the original website into a browser that presents the web management page to the user device. However, the target site cannot be accessed. In this embodiment, the user does not wait for the cached correspondence between the website domain name and the IP address of the access terminal to expire, and closes and restarts the browser on the user device. You can access the target site successfully without need. This improves the efficiency of accessing the target site.

FIG. 3A is a schematic structural diagram of an access terminal according to an embodiment of the present invention. As shown in FIG. 3A, the access terminal of this embodiment includes a receiver 31 and a processor 32.

The receiver 31 is configured to receive an HTTP request message transmitted by the user device. However, the destination IP address is the IP address of the access terminal, and the HTTP request message includes the domain name of the website.

The processor 32 is connected to the receiver 31 and, if the domain name of the website of the HTTP request message received by the receiver 31 is not the first domain name, the actual IP corresponding to the website domain name according to DNS resolution. It is configured to obtain an address and control the user device to access a target site corresponding to the domain name of the website according to the actual IP address. The first domain name is a domain name corresponding to the IP address of the access terminal.

The domain name of the website of the HTTP request message received by the receiver 31 is not the first domain name. In particular, the processor 32 parses the HTTP request message, obtains the website domain name from the HTTP request message, compares the obtained website domain name with the domain name corresponding to the IP address of the access terminal, It may be determined whether or not the acquired domain name of the website is a domain name corresponding to the IP address of the access terminal. The access terminal stores a domain name corresponding to the IP address of the access terminal locally.

The access terminal provided by this embodiment may be used to perform the above-described embodiment of the access control method. Specific operating principles are described in the method embodiments and will not be described again here.

It should be noted that the access terminal of this embodiment may further include components such as a power supply module, an input / output interface and a memory in addition to the receiver and the processor. The processor may be a central processing unit (CPU), and for convenience of explanation, these components are not shown in the drawing.

In this embodiment, after receiving an HTTP request message whose destination IP address is the address of the access terminal, the access terminal compares the domain name of the website of the HTTP request message with the domain name corresponding to the IP address of the access terminal. To determine the validity of the HTTP request message. If it is determined that the website domain name is not the domain name corresponding to the access terminal IP address, the HTTP request message is sent by the user equipment using the access terminal IP address as the actual IP address of the website domain name. It is determined that the request is transmitted and is invalid. Therefore, the access terminal obtains the actual IP address corresponding to the website domain name according to the DNS resolution, and the user device can successfully access the target site corresponding to the website domain name according to the actual IP address. In addition, the user apparatus is controlled to access a target site corresponding to the domain name of the website. In this way, after entering the website domain name into the browser of the user device, the browser caches the IP address of the access terminal, so the user accesses the target site corresponding to the website domain name. The problem of not being solved is solved. Furthermore, in this embodiment, the access terminal does not need to wait for the correspondence cached by the user device between the IP address of the access terminal and the domain name of the website to expire, and the browser of the user device Allows users to successfully access the destination site that corresponds to the website domain name without having to close and restart. This improves the efficiency of accessing the target site.

FIG. 3B is a schematic structural diagram of an access terminal according to another embodiment of the present invention. This embodiment is implemented based on the embodiment shown in FIG. 3A. As shown in FIG. 3B, the access terminal of this embodiment further includes a transmitter 33.

In this embodiment, the process in which the processor 32 controls the user device to access the target site corresponding to the domain name of the website according to the actual IP address includes the following. The processor 32 is configured to replace the destination IP address of the HTTP request message, which is the IP address of the access terminal, with the actual IP address obtained by the processor. However, the HTTP request message is received by the receiver 31. The processor 32 is configured to control the transmitter 33 to send an HTTP request message with the destination IP address replaced so that the user device can access a target site corresponding to the domain name of the website. .

Correspondingly, the transmitter 33 is connected to the processor 32, and is configured to transmit an HTTP request message with the destination IP address replaced under the control of the processor 32.

Further, in this embodiment, the process in which the processor controls the user device to access the target site corresponding to the domain name of the website according to the actual IP address includes the following. The processor 32 controls the transmitter 33 to send an HTTP redirect request to the user device so that the user device can resume the HTTP request to access the target site according to the actual IP address obtained by the processor 32 Configured to do. The HTTP redirect request includes the actual IP address.

The processor 32 causes the transmitter 33 to initiate an HTTP redirect request to the user device so that the user device can resume the HTTP request to access the target site according to the actual IP address obtained by the processor 32. It may be specifically configured to control. This achieves the purpose of controlling the user device to access the target site corresponding to the domain name of the website.

Optionally, the transmitter 33 may be specifically configured to send an HTTP redirect request packet or an HTTP redirect page to the user device. The HTTP redirect request packet or HTTP redirect page includes the actual IP address.

Further, when the domain name of the website is the first domain name, the transmitter 33 transmits a DNS response packet to the user device under the control of the processor 32 in order to redirect the user device to the web management page of the access terminal. It may be further configured to do so. However, the DNS response packet includes the IP address of the access terminal.

The access terminal provided by this embodiment may be used to perform the above-described embodiment of the access control method. Specific operating principles are described in the method embodiments and will not be described again here.

In this embodiment, the access terminal compares the domain name of the website of the HTTP request message with the domain name corresponding to the IP address of the access terminal after receiving the HTTP request message whose destination IP address is the access terminal. Thus, the validity of the HTTP request message is determined. If it is determined that the website domain name is not the domain name corresponding to the access terminal IP address, the HTTP request message is sent by the user equipment using the access terminal IP address as the actual IP address of the website domain name. It is determined that the request is transmitted and is invalid. Therefore, the access terminal obtains the actual IP address corresponding to the website domain name according to the DNS resolution, and the user device can successfully access the target site corresponding to the website domain name according to the actual IP address. In addition, the user apparatus is controlled to access a target site corresponding to the domain name of the website. In this way, after entering the website domain name into the browser of the user device, the browser caches the IP address of the access terminal, so the user accesses the target site corresponding to the website domain name. The problem of not being solved is solved. Furthermore, in this embodiment, the access terminal does not need to wait for the correspondence cached by the user device between the IP address of the access terminal and the domain name of the website to expire, and the browser of the user device The user device can successfully access the target site corresponding to the domain name of the website without having to close and restart. This improves the efficiency of accessing the target site.

FIG. 4 is a schematic configuration diagram of an access control system according to an embodiment of the present invention. As shown in FIG. 4, the system of this embodiment includes a user device 41, an access terminal 42, and a DNS server 43.

The user device 41 is configured to send an HTTP request message. However, the destination IP address is the IP address of the access terminal 42, and the HTTP request message includes the domain name of the website.

The access terminal 42 in this embodiment includes a receiver and a processor.

The receiver is configured to receive an HTTP request message sent by the user device 41. When the processor is connected to the receiver and the website domain name of the HTTP request message received by the receiver is not the first domain name, the processor obtains the actual IP address corresponding to the website domain name according to DNS resolution The user apparatus is controlled to access a target site corresponding to the domain name of the website according to the actual IP address. The first domain name is a domain name corresponding to the IP address of the access terminal.

Optionally, the access terminal 42 of this embodiment may further include a transmitter.

The DNS server 43 is configured to perform DNS resolution. Optionally, the process by which DNS server 43 performs DNS resolution may include receiving a DNS resolution request sent by the processor of access terminal 42. However, the DNS resolution request includes the website domain name of the HTTP request message. The DNS server 43 performs DNS resolution with the domain name of the website of the DNS resolution request, acquires the actual IP address corresponding to the domain name of the website, and accesses the actual IP address acquired as the DNS resolution result Return to the processor of terminal 42.

Optionally, user device 41 is connected to the receiver of access terminal 42 and DNS server 43 is connected to the processor of access terminal 42.

Note that the configuration of the access terminal 42 of this embodiment may be referred to in the description of the embodiment shown in FIG. 3A, and the operation principle may be referred to the description of the foregoing method embodiment. Should. I will not explain it again here.

In the access control system of this embodiment, after the access terminal receives an HTTP request message whose destination IP address is the address of the access terminal, the domain corresponding to the domain name of the website of the HTTP request message and the IP address of the access terminal The validity of the HTTP request message is determined by comparing the name. If it is determined that the website domain name is not the domain name corresponding to the access terminal IP address, the HTTP request message is sent by the user equipment using the access terminal IP address as the actual IP address of the website domain name. It is determined that the request is transmitted and is invalid. The access terminal further acquires an actual IP address corresponding to the domain name of the website, and according to the actual IP address, the user device can access the target site corresponding to the domain name of the website. Control access to the target site corresponding to the website domain name. The user device does not need to wait for the association cached by the user device between the IP address and the website domain name to expire, and does not need to close and restart the browser on the user device. Has good access to the target site. This improves the efficiency of accessing the target site.

Those skilled in the art will appreciate that all or part of the method steps of these examples may be implemented by programs that instruct the associated hardware. The program may be stored in a computer readable storage medium. When the program executes, the aforementioned steps of the methods of these embodiments are performed. The storage medium may be any medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Finally, it should be noted that the foregoing embodiments are not intended to limit the present invention, but merely to illustrate the technical solutions of the present invention. Although the present invention has been described in detail with reference to the above-described embodiments, the technical countermeasures described in the above-described embodiments can still be changed without departing from the scope of the technical countermeasures of the embodiments of the present invention. Those skilled in the art will appreciate that it can be done, or that equivalent replacement can be made to some or all of the technical measures.

In the access control method, the access control system, and the access terminal provided by the embodiments of the present invention, the access terminal receives the HTTP request message whose destination IP address is the IP address of the access terminal , and then receives the HTTP request message website. The validity of the HTTP request message is determined by comparing the domain name corresponding to the IP address of the access terminal and the domain name corresponding to the IP address of the access terminal. If it is determined that the HTTP request message is invalid, the actual IP address corresponding to the website domain name is obtained according to the DNS resolution, and the user device is changed to the website domain name according to the obtained actual IP address. Control access to the corresponding destination site. This allows the user device to successfully access the target site corresponding to the website domain name. In this way, after the domain name of the website is entered into the browser of the user device, the problem is that the user cannot access the target site due to the characteristic that the browser caches the IP address returned by the access terminal. Solved.

In this embodiment, after receiving an HTTP request message whose destination IP address is the IP address of the access terminal , the access terminal obtains the domain name of the website of the HTTP request message and the domain name corresponding to the IP address of the access terminal. By comparing, the validity of the HTTP request message is determined. If it is determined that the website domain name is not the domain name corresponding to the access terminal IP address, the HTTP request message is sent by the user equipment using the access terminal IP address as the actual IP address of the website domain name. It is determined that the request is transmitted and is invalid. Therefore, the access terminal obtains the actual IP address corresponding to the website domain name according to the DNS resolution, and the user device can successfully access the target site corresponding to the website domain name according to the actual IP address. In addition, the user apparatus is controlled to access a target site corresponding to the domain name of the website. In this way, after entering the website domain name into the browser of the user device, the browser caches the IP address of the access terminal, so the user accesses the target site corresponding to the website domain name. The problem of not being solved is solved. Furthermore, in this embodiment, the access terminal does not need to wait for the correspondence cached by the user device between the IP address of the access terminal and the domain name of the website to expire, and the browser of the user device The user device can successfully access the target site corresponding to the domain name of the website without having to close and restart. This improves the efficiency of accessing the target site.

Claims (12)

Receiving a hypertext transfer protocol (HTTP) request message sent by a user equipment by an access terminal, wherein a destination internet protocol (IP) address is an IP address of the access terminal, and the HTTP request message is: Having a website domain name, If the domain name of the website is not a first domain name, the access terminal obtains an actual IP address corresponding to the domain name of the website according to a Domain Name System (DNS) resolution; A domain name of 1 is a domain name corresponding to the IP address of the access terminal; An access control method comprising: controlling, by the access terminal, the user apparatus to access a target site corresponding to a domain name of the website according to the actual IP address.

Controlling, by the access terminal, the user device to access a target site corresponding to the domain name of the website according to the actual IP address, The access terminal replaces the IP address of the access terminal with the actual IP address so that the user device can access the target site corresponding to the domain name of the website. The access control method according to claim 1, further comprising:

Controlling, by the access terminal, the user device to access a target site corresponding to the domain name of the website according to the actual IP address, Starting an HTTP redirect request to the user device so that the access device can resume an HTTP request for the user device to access the target site according to the actual IP address; The access control method according to claim 1, wherein the HTTP redirect request includes the actual IP address.

The step of initiating the HTTP redirect request to the user device by the access terminal comprises: The access control method according to claim 3, further comprising a step of transmitting an HTTP redirect request packet or an HTTP redirect page to the user device by the access terminal.

The access control method according to claim 4, wherein the HTTP redirect packet is an HTTP response code 300, an HTTP response code 301, an HTTP response code 302, or an HTTP response code 307.

If the domain name of the website is the first domain name, a domain name system (DNS) response packet is sent by the access terminal to redirect the user device to a web management page of the access terminal. Further comprising the step of transmitting to the device; The access control method according to claim 1, wherein the DNS response packet includes the IP address of the access terminal.

A receiver configured to receive a hypertext transfer protocol (HTTP) request message sent by a user equipment, wherein a destination internet protocol (IP) address is an IP address of the access terminal, and the HTTP request message A receiver with the website domain name, If the domain name of the website is not the first domain name, an actual IP address corresponding to the domain name of the website is obtained according to a domain name system (DNS) resolution, and the user apparatus is configured according to the actual IP address. A processor configured to control access to a target site corresponding to a domain name of the website, wherein the first domain name is a domain name corresponding to the IP address of the access terminal; An access terminal having a processor.

A transmitter, The processor is configured to control the user device to access a target site corresponding to a domain name of the website according to the actual IP address; The processor determines the actual IP address of the destination IP address of the HTTP request message, which is the IP address of the access terminal, so that the user device can access the target site corresponding to the domain name of the website. The access terminal according to claim 7, wherein the access terminal is configured to replace with an address and to control the transmitter to transmit the HTTP request message with the destination address replaced.

A transmitter, The processor is configured to control the user device to access a target site corresponding to a domain name of the website according to the actual IP address; The processor controls the transmitter to initiate an HTTP redirect request to the user device so that the user device can resume an HTTP request to access the target site according to the actual IP address Configured as The access terminal according to claim 7, wherein the HTTP redirect request includes the actual IP address.

The access terminal of claim 9, wherein the transmitter is specifically configured to transmit an HTTP redirect request packet or an HTTP redirect page to the user equipment.

The transmitter controls a domain name system (DNS) under the control of the processor to redirect the user equipment to a web management page of the access terminal when the domain name of the website is the first domain name. Further configured to send a response packet to the user equipment; The access terminal according to any one of claims 8 to 10, wherein the DNS response packet includes the IP address of the access terminal.

An access control system having a user device, an access terminal, and a domain name system (DNS) server, The user equipment is configured to send a hypertext transfer protocol (HTTP) request message to the access terminal, a destination internet protocol (IP) address is an IP address of the access terminal, and the HTTP request message is Have the domain name of the website, The access terminal is A receiver configured to receive an HTTP request message sent by the user equipment; If the domain name of the website is not the first domain name, an actual IP address corresponding to the domain name of the website is obtained according to a domain name system (DNS) resolution, and the user apparatus is configured according to the actual IP address. A processor configured to control access to a target site corresponding to a domain name of the website, wherein the first domain name is a domain name corresponding to the IP address of the access terminal; A processor and The DNS server is an access control system configured to perform DNS resolution.

JP2013522100A2012-05-252012-05-25Access control method and system, and access terminal
ActiveJP5502239B2
(en)